Yup, the generated signature is the same as the one I calculated in my code (md5(userid+apptoken)) where the userid is my userid-string from my settings page and the apptoken is from the api register&stats page for my app...

I think you are using the apptoken in place of the appid. They are two different things. The Appid is a public human readable name that you picked. The token is a secret that we assigned. If you read the documentation carefully, it will say where to use the appid and where to use the token.